Skip to content

Publish Docker image to ghcr.io on master push #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
fffaraz merged 2 commits into from
Mar 20, 2026
Merged

Publish Docker image to ghcr.io on master push #4

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0e66bd3
Initial plan
Copilot Mar 20, 2026
51432f3
Update docker workflow to publish image to ghcr.io on master push
Copilot Mar 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 32 additions & 2 deletions .github/workflows/docker-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,37 @@ jobs:

runs-on: ubuntu-latest

permissions:
contents: read
packages: write
Comment on lines +15 to +17

Copilot AI Mar 20, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

packages: write is granted for the entire job, including pull_request runs. Even though the workflow doesn’t push on PRs, least-privilege is to avoid write-scoped tokens when executing PR code. Consider splitting into two jobs (PR build with read-only permissions, push job with packages: write and if: github.event_name == 'push'), or moving the publishing steps into a separate workflow triggered only on push to master with elevated permissions.

Copilot uses AI. Check for mistakes.

steps:
- uses: actions/checkout@v4
- name: Build the Docker image
run: docker build . --file Dockerfile --tag fakessh:$(date +%s)

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log in to GitHub Container Registry
if: github.event_name == 'push'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=sha

- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
push: ${{ github.event_name == 'push' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
Loading